mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-06 16:06:56 +00:00
Code Activity
8173 commits 16 branches 550 tags 288 MiB
Commit graph

1026 commits

Author SHA1 Message Date
Mariam Fahmy
2ea7e7ce76
feat: add new field to control VAP generation per policy (#12242) 
* feat: add new field to control VAP generation per policy

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* chore: remove 1.28 and 1.29 from tests

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

---------

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
 2025-02-28 13:35:13 +00:00
Frank Jogeleit
5f42a0bad8
feat: context function to request resources from api server (#12181) 
* feat: context function to request resources from api server

Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de>

* add chainsaw test

Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de>

* replace dclient with dynamic client

Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de>

* update test case

Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de>

---------

Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de>
Co-authored-by: shuting <shuting@nirmata.com>
 2025-02-27 13:31:03 +00:00
Mariam Fahmy
b8a1731d49
feat: generate VAPs given celexceptions (#12255) 
* feat: generate VAPs given celexceptions

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* chore: modify chainsaw tests

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* fix linter

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

---------

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
 2025-02-27 13:08:35 +00:00
shuting
26a6b37265
feat: add evaluation mode to api (#12262) 
Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2025-02-27 16:31:10 +05:30
Charles-Edouard Brétéché
ebaad6fbb1
feat: improve validating policy api (#12243) 
* feat: improve validating policy api

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
 2025-02-26 15:18:12 +00:00
Mariam Fahmy
75a10ac550
feat: introduce generic exception interface (#12244) 
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
 2025-02-25 16:11:19 +00:00
Charles-Edouard Brétéché
9d56f5f2b5
feat: stop reusing admissionregistrationv1.ValidatingAdmissionPolicySpec (#12246) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2025-02-25 14:48:47 +00:00
Mariam Fahmy
6359fd4a1a
feat: generate VAPs from VPs (#12222) 
* feat: generate VAPs from VPs

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* fix codegen

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* fix chainsaw tests

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

---------

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
 2025-02-25 20:27:29 +08:00
Vishal Choudhary
c056321cba
chore(refactor): refactor image verification packages (#12220) 
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
 2025-02-23 08:55:32 +00:00
Mariam Fahmy
76751b96b3
feat: support celexceptions in the CLI apply command (#12182) 
* feat: support celexceptions in the CLI

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* feat: add unit tests

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

---------

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
 2025-02-19 08:38:44 +00:00
Mariam Fahmy
b723553c7e
fix: add result count for VPs in the CLI (#12193) 
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2025-02-18 20:51:36 +00:00
Khaled Emara
2b28538bd3
feat(gctx): add jmespath caching through projections (#11833) 
feat(gctx): move ready check to runtime

Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
 2025-02-18 15:51:14 +00:00
Charles-Edouard Brétéché
873522f44a
chore: cel policies nits (#12184) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2025-02-17 20:12:23 +00:00
shuting
9aebe10d15
refactor: status manager (#12173) 
* chore: move webhook status reconciler

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix: status removal

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2025-02-14 15:22:25 +00:00
Frank Jogeleit
05f9bb4506
feat: configure admission and background flag for ValidatingPolicies (#12153) 2025-02-13 17:24:45 +00:00
Mohd Kamaal
de75c64a02
structuring log (#12111) 
* structuring log

Signed-off-by: Kamaal <kamaal@macs-MacBook-Air.local>

* Update controller.go

Signed-off-by: Mohd Kamaal <102820439+Mohdcode@users.noreply.github.com>

* Update main.go

Signed-off-by: Mohd Kamaal <102820439+Mohdcode@users.noreply.github.com>

* Update run.go

Signed-off-by: Mohd Kamaal <102820439+Mohdcode@users.noreply.github.com>

* Update config.go

Signed-off-by: Mohd Kamaal <102820439+Mohdcode@users.noreply.github.com>

* Update pkg/webhooks/resource/mutation/mutation.go

Co-authored-by: shuting <shuting@nirmata.com>
Signed-off-by: Mohd Kamaal <102820439+Mohdcode@users.noreply.github.com>

* Update pkg/webhooks/resource/mutation/mutation.go

Co-authored-by: shuting <shuting@nirmata.com>
Signed-off-by: Mohd Kamaal <102820439+Mohdcode@users.noreply.github.com>
Signed-off-by: Kamaal <kamaal@macs-MacBook-Air.local>

---------

Signed-off-by: Kamaal <kamaal@macs-MacBook-Air.local>
Signed-off-by: Mohd Kamaal <102820439+Mohdcode@users.noreply.github.com>
Co-authored-by: Kamaal <kamaal@macs-MacBook-Air.local>
Co-authored-by: shuting <shuting@nirmata.com>
 2025-02-13 15:02:02 +00:00
shuting
7ef2764365
feat: aggregate vpol.status.conditions (#12133) 
* feat: add vpol status controller

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: update ready API struct

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix: printer coloum

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix: update status cmp func

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* feat: support status.RBACPermissionsGranted

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2025-02-12 11:04:18 +00:00
Mariam Fahmy
7d5750a717
chore: move celexceptions to the new group (#12143) 
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
 2025-02-11 19:05:22 +02:00
shuting
0548d09c21
feat: add status.autogen (#12109) 
* feat: add status.autogen

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: update codegen

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: update codegen

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2025-02-07 22:22:49 +05:30
Mariam Fahmy
a4c10f6bb4
feat: compile and evaluate polex's match conditions (#12113) 
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
 2025-02-06 15:30:59 +02:00
Charles-Edouard Brétéché
02fceb64f7
feat: implement background scan (#12101) 
* feat: implement background scan

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* scanner

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* refactor request

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2025-02-06 05:49:41 +02:00
Mariam Fahmy
04efe351a7
chore: remove polex match constraints (#12103) 
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
 2025-02-05 17:56:58 +00:00
Mariam Fahmy
970c255765
feat: validate CELPolicyExceptions (#12083) 
* feat: validate CELPolicyExceptions

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* chore: add cel-policy-exceptions tests in the CI

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

---------

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
 2025-02-05 15:01:11 +00:00
shuting
1f3d82893b
feat: add vpol status (#11956) 
* feat: add vpol status

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* feat: update status API

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: update code-gen manifests

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* feat: reconcile vpol.status.conditions

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: add missing files

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix: add default webhook filters

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: update codegen

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: update codegen

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix: enable .status subresource

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: add missing files

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix: linter

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2025-02-05 14:16:53 +00:00
Charles-Edouard Brétéché
8fc6e78c16
feat: add validating policies to reports aggregation (#12096) 
* feat: add validating policies to reports aggregation

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* chainsaw test

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* unit tests

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2025-02-05 13:21:28 +00:00
Charles-Edouard Brétéché
4a4aef54d3
feat: add reporting to validating admission handler (#12090) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2025-02-04 20:32:18 +00:00
Mariam Fahmy
9e8b655f6f
chore: add celpolicyexceptions in helm chart (#12084) 
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
 2025-02-05 00:15:45 +08:00
Khaled Emara
88d3dc67d8
fix(flag): lookup kubeconfig only after parsing (#12082) 
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
 2025-02-04 14:15:58 +00:00
Charles-Edouard Brétéché
3b0c9d662c
refactor: webhook server/handlers (#12079) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2025-02-04 14:52:48 +02:00
Charles-Edouard Brétéché
b908b1037a
feat: consider validation actions (#12072) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2025-02-04 06:29:40 +02:00
Charles-Edouard Brétéché
884a77a044
feat: add context provider in admission handling (#12070) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2025-02-03 19:11:31 +02:00
Vishal Choudhary
7d8ed212a4
feat: create image data loader (#12036) 
* feat: add image data loader to context

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: build

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: linter

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* feat: tests

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: update types

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* feat: replace crane with remote

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: linter

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: linter

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

---------

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2025-02-03 13:42:40 +00:00
Mariam Fahmy
4c950dcb32
feat: use v1 of ValidatingAdmissionPolicies (#12050) 
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
 2025-01-31 14:21:43 +00:00
Charles-Edouard Brétéché
dfa9f2f727
feat(validating policies): add support for ns and object selectors (#12034) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2025-01-30 01:07:01 +02:00
Charles-Edouard Brétéché
30360e871a
feat: execute handler (#12033) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2025-01-29 11:24:13 -08:00
Charles-Edouard Brétéché
1d3a9294cc
feat: watch validating policies (#12008) 
* feat: watch validating policies

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* rest config

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2025-01-28 16:24:40 +00:00
Charles-Edouard Brétéché
60315cb3a0
feat: add rest config support in setup code (#12019) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
 2025-01-28 14:53:14 +00:00
Mariam Fahmy
da717c4b17
feat: add validation action to VPs (#12017) 
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
 2025-01-28 14:34:26 +01:00
Charles-Edouard Brétéché
92436bf4ed
refactor: use k8s wait group (#12010) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2025-01-27 23:25:33 +00:00
Charles-Edouard Brétéché
f6494287cc
fix: make flags compatible with controller-runtime (#12009) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2025-01-27 22:42:39 +00:00
Charles-Edouard Brétéché
620ddd80d1
test: add more cli vp tests (#12006) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2025-01-27 17:17:08 +08:00
Charles-Edouard Brétéché
a5fe768a53
feat: implement cel engine context provider (#11995) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2025-01-24 15:42:58 +00:00
Charles-Edouard Brétéché
f5467fcd61
refactor: reduce generic policy interface (#11977) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2025-01-22 16:32:30 +00:00
Charles-Edouard Brétéché
61d69c9290
refactor: reduce generic policy interface (#11974) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2025-01-22 09:03:48 +00:00
Charles-Edouard Brétéché
54a8a53205
feat: add validating policy engine api wrapper (#11963) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2025-01-21 15:59:34 +08:00
Charles-Edouard Brétéché
6535cb763d
fix: cli schema generation (#11959) 
* fix: cli schema generation

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix: cli schema generation

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2025-01-20 22:00:41 +08:00
Charles-Edouard Brétéché
a30fc14d4d
feat: add namespace support in CLI values (#11958) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2025-01-20 13:43:13 +02:00
Charles-Edouard Brétéché
5cc408dddb
feat: use policy provider (#11947) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2025-01-20 09:43:05 +00:00
Ammar Yasser
da3d5247fa
log non fatal parsing errors (#11932) 
* log non fatal parsing errors

Signed-off-by: Your Name <you@example.com>

* log at the error level

Signed-off-by: Your Name <you@example.com>

* add check for nil

Signed-off-by: Your Name <you@example.com>

* add check for nil

Signed-off-by: Your Name <you@example.com>

---------

Signed-off-by: Your Name <you@example.com>
Co-authored-by: Your Name <you@example.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
 2025-01-17 15:46:57 +00:00
Charles-Edouard Brétéché
7351501ef6
feat(cli,apply): load validating policies (#11933) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2025-01-17 09:53:17 +00:00